CLAIMS: 



1 . (Currently amended) A method for permitting access to applications, said method 

comprising: 

registering a first restricted application with at least one additional restricted 

application; and 

in response to a user performing only a single sign-on for said first restricted 
application, 

providing access to said first restricted application for said user; 

identifying said at least one additional restricted application accessible using said 

single sign-on; 

pr e senting displaying, to said user^ information identifying said at least one 
additional restricted application; and 

in response to [[said]] a user's selection , from said displayed information, of a 
selected additional restricted application firom the at least one additional restricted 
a pplication , providing access to said [[at least one]] selected additional restricted 
application. 

2. (Original) The method of Claim 1, wherein said registering further comprises: 
performing a single registration for all authorized users of said first restricted 

application. 

3. (Original) The method of Claim 1, wherein said registering further comprises: 
performing a plurality of registrations, for a plurality of groups of authorized 

users of said first restricted application; and 

providing an access level for each of said groups. 

4. (Canceled) 

5. (Original) The method of Claim 1 wherein: 

no additional key repository is required by said restricted applications. 
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6. (Currently amended) The method of Claim 1^ wherein: 

said pr e s e nting displaying further comprises said first restricted application 

sending a document in hypertext markup language , wherein said document includes at 
least one of a list or menu and wherein said at least one list or menu includes areas that 
are selectable by said user . 

7. (Original) The method of Claim 1, wherein said user's selection further 
comprises: 

receiying yia said first restricted application a selection signal from said user; and 
in response to said selection signal, sending yia said first restricted application a 
request for access to said at least one additional restricted application. 

8. (Original) The method of Claim 7, wherein: 

said user clicks a mouse button when a cursor is positioned oyer a predefined area 
of said presented information, to produce said selection signal. 

9. (Original) The method of Claim 1 , further comprising: 

collecting stored information regarding a user and an appropriate leyel of access; 

and 

sending to said user: 
a token and 

a redirect URL pointing to said at least one additional restricted application. 

10. (Original) The method of Claim 9, wherein: 
said token is encrypted; and 

said token represents said appropriate leyel of access. 

1 1 . (Currently amended) The method of Claim 1 , wherein: 

one of said restricted applications is at least one of an intranet web server j_a 
portal or a web application . 
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12-13. (Canceled) 



14. (Currently amended) A method for permitting access to applications, said method 

comprising: 

registering a first restricted application with a second restricted application; 

[[and]] 

in response to a user[[:]] signing on to said first restricted application [[only]], 
identifying said second restricted application accessible using said sign-on; 

displaying, to said user, information identifying a selection of said second 

restricted a p plication; and 

responsive to said user requesting access to said second restricted application by 
selecting from said information displayed to said user , automatically logging in to said 
second restricted application, for said user[[;]]i wherein[[:]] no new key repository is 
required by said first and second restricted applications. 

1 5. (Original) The method of Claim 14, wherein said automatically logging in further 
comprises: 

under control of said second restricted application, 

receiving from said first restricted application, a request to initiate said 

automatically logging in; 

sending to said user's client, via said first restricted application a response, having 

a complete-automatic-log-in URL, and token; 

receiving directly from said user's client a request, having said token; and 
sending directly to said user's client a response, having authenticated session 

information, and a welcome URL. 

16. (Original) The method of Claim 15, further comprising: 
in response to said request to initiate, 

creating said token; 

storing a copy of said token; and 

associating said token with said request to initiate. 
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17. (Original) The method of Claim 15, further comprising: 
verifying said token received from said user's client; and 
establishing a relationship and access level for said user's client. 

18. (Original) The method of Claim 15 wherein: 

said token represents an appropriate level of access. 

19. (Original) The method of Claim 14, further comprising: 
under control of said first restricted application, 

receiving from said user's client a request for access to said second restricted 
application; 

in response to said request for access, determining for said user, and said second 
restricted application, what level of access should be granted; and 

sending to said second restricted application a request to initiate said 
automatically logging in. 

20. (Currently amended) A system for permitting access to applications, said system 
comprising: 

means for registering a first restricted application with a second restricted 
application; [[and]] 

moans for automatically logging in to said second r e strict e d application, for a 
us e r; wh e r e in: 

no additional k e y r e pository is r e quir e d by said first and s e cond r e strict e d 

applications; and 

[[said]] means for automatically logging in is responsiv e to said us e r: identifying 
said second restricted application accessible using a user's sign-on in response to a user 
signing on to said first restricted application [[only,]]; 

means for displaying, to said user, information identifying a selection of said 
second restricted application; and 

means for automatically logging in to said second restricted application for said 
user in response to said user requesting access to said second restricted application by 
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selecting from said information displayed to said user, wherein no additional key 
repository is required by said first restricted application and said second restricted 
a pplication . 

21. (Currently amended) The system of Claim 20, wherein said means for 
automatically logging in further comprises: 

means for receiving from said first restricted application, a request to initiate said 
means for automatically logging in; 

means for sending to said user's client, via said first restricted application, a 
response, having a complete-automatic-log-in URL, and a token; 

means for receiving directly from said user's client a request, having said token; 

and 

means for sending directly to said user's client a response, having authenticated 
session information, and a [["]]welcome[["]] URL or initial URL . 

22. (Original) The system of Claim 2 1 , further comprising; 
means for creating said token; 

means for storing a copy of said token; and 

means for associating said token with said request to initiate. 

23. (Original) The system of Claim 21, further comprising: 

means for verifying said token received from said user's client; and 
means for establishing a relationship and access level for said user's client. 

24. (Currently amended) The system of Claim 21, wherein: 

said token could r e pr e s e nt represents an appropriate level of access. 

25. (Original) The system of Claim 20, further comprising: 

means for receiving from said user's client a request for access to said second 
restricted application; 

Page 6 of 23 
Bosticketal.- 10/645,178 



means for determining for said user, and said second restricted application, what 
level of access should be granted; and 

means for sending to said second restricted application a request to initiate said 
means for automatically logging in. 

26. (Currently amended) A computer-usable storage medium, having computer- 
executable instructions for permitting access to applications, said computer-usable 
storage medium comprising: 

means for registering a first restricted application with a second restricted 
application; [[and]] 

m e ans for automatically logging in to said second restrict e d application, for a 
us e r; wherein: 

no additional key repository is requir e d by said first and second r e stricted 
applications; and 

[[said]] means for automatically logging in is responsiv e to said us e r: identifying 
said second restricted application accessible using a user's sign-on in response to a user 
signing on to said first restricted application [[only,]]; 

means for displaying, to said user, information identifying a selection of said 
second restricted application; and 

means for automatically logging in to said second restricted application for said 
user, in response to said user requesting access to said second restricted application by 
selecting from said information displayed to said user, wherein no additional key 
repository is required by said first restricted application and said second restricted 
application . 

27. (Currently amended) The computer-usable storage medium of Claim 26, wherein 
said means for automatically logging in further comprises: 

means for receiving from said first restricted application, a request to initiate said 
means for automatically logging in; 

means for sending to said user's client, via said first restricted application, a 
response, having a complete-automatic-log-in URL, and token; 
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means for receiving directly from said user's client a request, having said token; 

and 

means for sending directly to said user's client a response, having authenticated 
session information, and a welcome URL. 

28. (Currently amended) The computer-usable storage medium of Claim 27, further 
comprising: 

means for creating said token; 

means for storing a copy of said token; and 

means for associating said token with said request to initiate. 

29. (Currently amended) The computer-usable storage medium of Claim 27, further 
comprising: 

means for verifying said token received from said user's client; and 
means for establishing a relationship and access level for said user's client. 

30. (Currently amended) The computer-usable storage medivmi of Claim 27, 
wherein: 

said token represents an appropriate level of access. 

3 1 . (Currently amended) The computer-usable storage medivmi of Claim 26, further 
comprising: 

means for receiving from said user's client a request for access to said second 
restricted application; 

means for determining for said user, and said second restricted application, what 
level of access should be granted; and 

means for sending to said second restricted application a request to initiate said 
means for automatically logging in. 
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32. (New) The method of Claim 14, wherein: 

said displaying fUrther comprises said first restricted application sending a 
document in hypertext markup language, wherein said document includes at least one of 
a list or menu and wherein said at least one list or menu includes areas that are selectable 
by said user. 

33. (New) The system ofClaim 20, wherein: 

said means for displaying further comprises said first restricted application 
sending a document in hypertext markup language, wherein said document includes at 
least one of a list or menu and wherein said at least one list or menu includes areas that 
are selectable by said user. 

34. (New) The computer-usable storage medium of Claim 26, wherein: 

said means for displaying further comprises said first restricted application 
sending a document in hypertext markup language, wherein said document includes at 
least one of a list or menu and wherein said at least one list or menu includes areas that 
are selectable by said user. 
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